Hello, I use channels in couchbase as a form of access control in a shared document system. Generally, users have access to multiple channels and documents belong to only 1 channel. One issue I have not been able to solve is when I remove a channel from a user, I want all of the documents in that channel to be removed from the user’s device.
I think the current behavior of CBL is that when I remove a channel from a user’s admin_channels, that user doesn’t receive any further updates on documents in that channel, but the previously synced documents remain on the user’s device. In my scenario, I also need to “revoke” access to the already synced documents in that channel.
Is there a way to purge local documents when a user’s admin_channels are updated?
Thank you
The Lost Access paragraph in this blog covers this scenario: "Access Denied, or Access Lost? Some Tips on Sync Gateway" (cc @hod.greeley)
So documents pulled via access to the channel should be removed when revoking the user’s access to the channel. Are you noticing something different?
Is access to the channel revoked through:
- the sync function, or
- updating the user's admin_channels through the REST API?
James
Thank you for the pointer to the Lost Access section of the blog post. It provides some very useful information for my scenario.
I have been using Couchbase Lite Viewer to observe incoming sequences and to observe what happens when a channel is removed from a user. Now that I have a better idea of what to look for - a special tombstone revision of the documents - I will perform further tests to confirm the expected behavior. I will also double-check that my application logic is not at fault.
I am revoking access by updating the user's admin_channels through the REST API.
Thank you
@graywave Sorry, the blog post was meant to say a document shows as removed on the client side when a document is removed from a channel. I apologize. It was my intention to convey that removing a document from a channel causes the removal, but on rereading I see how it’s confusing.
There’s an open issue around removing documents when a user is removed from a channel. There are a number of issues to consider for a general solution. See "Removing users from channels does not remove documents" (Issue #264, couchbase/sync_gateway on GitHub).
To do what you’re attempting, since you are guaranteeing a doc goes into only one channel, here’s an approach Adam Fraser suggested:
- Use a user_profile doc to manage the set of channels for a user
- Store two properties in the user_profile doc (‘active_channels’, ‘removed_channels’)
- When updating the user_profile doc, add any new channels to active_channels, add any channels removed to removed_channels
- Sync function does access grant based on active_channels
- Ensure user always has access to user_profile doc. When client gets an update to the user_profile doc, execute a local purge of all documents in removed_channels
A couple of potential complications:
- #5 assumes the client can execute a query to identify which docs belong to channel foo. Depends on client’s ability to replicate sync function logic.
- When to prune removed_channels. You can’t prune it on every update, because you don’t know whether the client has processed the previous update yet.
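The five steps above, worked through as an added example (not code from the thread, Couchbase, or Adam Fraser): a Sync Gateway-style sync function that grants access from the profile doc's active_channels and always routes the profile to its owner, a helper that produces the next profile revision (new channels into active_channels, dropped ones into removed_channels), and the client-side purge selection. The Sync Gateway built-ins (access, channel, requireAdmin) are stubbed so it runs offline; the doc shape (type, user, channel fields), the per-user profile channel name "profile-<user>", and the rule that only the admin REST API edits profiles are assumptions. The first complication is sidestepped by storing each document's single channel as a property, so the client filters on that property instead of replicating sync function logic; pruning of removed_channels is left open, as the post says.

```javascript
// Stand-ins for the Sync Gateway sync function built-ins. In a real deployment
// Sync Gateway supplies these; here they only record what the sync function asked for.
const recorded = { access: [], channel: [], admin: 0 };
function access(user, channels) { recorded.access.push({ user: user, channels: channels }); }
function channel(channels) { recorded.channel.push(channels); }
function requireAdmin() { recorded.admin += 1; }
function resetRecorded() { recorded.access = []; recorded.channel = []; recorded.admin = 0; }

// Steps 4 and 5: the sync function. Written in ES5 style because Sync Gateway's
// JavaScript engine does not run modern syntax. Profile docs grant access from
// active_channels and are always readable by their owner; every other doc must
// name exactly one channel.
function syncFunction(doc, oldDoc) {
  if (doc.type === 'user_profile') {
    requireAdmin();                           // assumption: profiles are edited via the admin REST API only
    var own = 'profile-' + doc.user;          // assumed per-user channel name
    channel(own);
    access(doc.user, [own].concat(doc.active_channels || []));
    return;
  }
  if (typeof doc.channel !== 'string' || doc.channel.length === 0) {
    throw({ forbidden: 'document must belong to exactly one channel' });
  }
  channel(doc.channel);
}

// Step 3: compute the next profile revision from the desired channel set.
// A channel that is granted again is taken back out of removed_channels,
// otherwise the client would purge documents it has just re-synced.
function updateProfile(profile, desiredChannels) {
  const desired = new Set(desiredChannels);
  const removed = new Set(profile.removed_channels || []);
  for (const c of profile.active_channels || []) {
    if (!desired.has(c)) removed.add(c);
  }
  for (const c of desired) removed.delete(c);
  return Object.assign({}, profile, {
    active_channels: Array.from(desired).sort(),
    removed_channels: Array.from(removed).sort(),
  });
}

// Step 5, client side: choose the local documents to purge after a profile update.
// Each doc carries its single channel as a property, so no sync function logic
// has to be replicated on the device.
function docsToPurge(localDocs, profile) {
  const revoked = new Set(profile.removed_channels || []);
  return localDocs.filter(d => revoked.has(d.channel)).map(d => d._id);
}

// Constructed sample: alice loses "foo", keeps "bar", gains "baz".
const profileV1 = { type: 'user_profile', user: 'alice', active_channels: ['foo', 'bar'], removed_channels: [] };
const profileV2 = updateProfile(profileV1, ['bar', 'baz']);
const localDocs = [
  { _id: 'd1', channel: 'foo' },
  { _id: 'd2', channel: 'bar' },
  { _id: 'd3', channel: 'foo' },
];
syncFunction(profileV2, profileV1);
console.log('grants:', JSON.stringify(recorded.access));
console.log('purge on device:', docsToPurge(localDocs, profileV2));
```

On the device, the ids returned by docsToPurge are what you hand to the local purge call once the replicator delivers the new profile revision; the sync function never sees the device's copies, so the purge is purely a client responsibility.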